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CLAIM AMENDMENTS 

1. (Previously Presented) A method comprising: 

establishing a global zone, wherein the global zone is a global operating system 

environment that can support execution of one or more processes; 
establishing a non-global zone within the global zone, wherein the non-global zone is 

a partition of the global operating system environment, wherein the non-global 

zone operates as a separate and distinct operating system environment, and 

wherein the non-global zone can support execution of one or more processes; 
isolating a first process executing within the non-global zone to the non-global zone so 

that the first process does not have visibility or access to processes and objects 

that are not associated with the non-global zone; 
permitting a second process executing within the global zone to have visibility and 

access to processes and objects associated with the global zone; and 
permitting the second process executing within the global zone to have access to 

processes and objects associated with the non-global zone, if the second 

process has a privilege to cross zone boundaries. 

2. (Previously Presented) The method of claim 1, 

permitting the second process executing within the global zone to have visibility of 
processes and objects associated with the non-global zone without requiring 
the second process to have the privilege to cross zone boundaries. 
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3. (Previously Presented) The method of claim 1, the second process executing within 
the global zone to cross zone boundaries; and 

granting the second process the privilege to cross zone boundaries, if the second 
process is authorized to receive such a privilege. 



4. (Previously Presented) The method of claim 1, wherein the non-global zone has a first 
zone identifier associated therewith, wherein processes and objects associated with the 
non-global zone have the first zone identifier associated therewith, and wherein 
isolating the first process to the non-global zone comprises: 

allowing the first process executing within the non-global zone to view or access a 
target process or object only if the target process or object has the first zone 
identifier associated therewith. 



5. (Previously Presented) The method of claim 4, wherein the global zone has a second 
zone identifier associated therewith, wherein processes and objects associated with the 
global zone have the second zone identifier associated therewith, and wherein 
permitting the second process to have visibility and access to processes and objects 
associated with the global zone comprises: 

allowing the second process executing within the global zone to view and access an 

intended process or object if the intended process or object has the second zone 
identifier associated therewith. 



6. (Previously Presented) The method of claim 1, further comprising: 
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receiving an identifier indicating a zone selected from at least one of the global zone 

and the non-global zone; and 
mounting file system resources comprising processes to be executed in the zone 

indicated by the identifier to a portion of a file system associated with the zone 

indicated by the identifier; 
thereby enabling the processes of the file system resources to obtain at least one of 

visibility and access to objects within the zone corresponding to the identifier. 



7. (Original) The method of claim 6, wherein the file system resources are mounted to a 
subdirectory of a root directory of a portion of a file system associated with the zone 
indicated by the identifier; 

thereby enabling processes expecting a tree like directory structure to execute within 
the zone indicated by the identifier. 



8. (Original) The method of claim 6, further comprising: 

enabling select processes to be visible to all other processes in the global zone and the 
non-global zone. 



9. (Previously Presented) The method of claim 6, wherein file system resources 
comprise processes to be executed in any zone, the method further comprising: 
receiving a request by a requesting process to access processes in the file system 
resources; and 

limiting access to processes in the file system resources based upon the requesting 
process' relationship with a zone indicated in the request; 
4 
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thereby enabling the processes of the file system resources to obtain at least one of 

visibility and access to objects within the zone corresponding to the identifier. 



10. (Original) The method of claim 1, further comprising: 

providing information about the zone with which a process is associated based upon 

identity of a requesting process and relationship between the requesting process 
and the zone. 

1 1 . Canceled 

12. Canceled 

13. (Previously Presented) A computer readable storage medium, comprising: 
instructions for causing one or more processors to establish a global zone, wherein the 

global zone is a global operating system environment that can support 
execution of one or more processes; 
instructions for causing one or more processors to establish a non-global zone within 
the global zone, wherein the non-global zone is a partition of the global 
operating system environment, wherein the non-global zone operates as a 
separate and distinct operating system environment, and wherein the non- 
global zone can support execution of one or more processes; 
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instructions for causing one or more processors to isolate a first process executing 

within the non-global zone to the non- global zone so that the first process does 
not have visibility or access to processes and objects that are not associated 
with the non-global zone; 

instructions for causing one or more processors to permit a second process executing 
within the global zone to have visibility and access to processes and objects 
associated with the global zone; and 

instructions for causing one or more processors to permit the second process executing 
within the global zone to have access to processes and objects associated with 
the non-global zone, if the second process has a privilege to cross zone 
boundaries. 



14. (Previously Presented) The computer readable storage medium of claim 13, further 
comprising: 

instructions for causing one or more processors to permit the second process executing 
within the global zone to have visibility of processes and objects associated 
with the non-global zone without requiring the second process to have the 
privilege to cross zone boundaries 

15. (Previously Presented) The computer readable storage medium of claim 13, further 
comprising: 

instructions for causing one or more processors to receive a request from the second 
process executing within the global zone to cross zone boundaries; and 
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granting the second process the privilege to cross zone boundaries, if the second 
process is authorized to receive such a privilege. 



16. (Previously Presented) The computer readable storage medium of claim 13, wherein 
the non-global zone has a first zone identifier associated therewith, wherein processes 
and objects associated with the non-global zone have the first zone identifier 
associated therewith, and wherein the instructions for causing one or more processors 
to isolate the first process to the non-global zone comprises: 
instructions for causing one or more processors to allow the first process executing 
within the non-global zone to view or access a target process or object only if 
the target process or object has the first zone identifier associated therewith. 



17. (Previously Presented) The computer readable storage medium of claim 16, wherein 
the global zone has a second zone identifier associated therewith, wherein processes 
and objects associated with the global zone have the second zone identifier associated 
therewith, and wherein the instructions for causing one or more processors to permit 
the second process to have visibility and access to processes and objects associated 
with the global zone comprises: 

instructions for causing one or more processors to allow the second process executing 
within the global zone to view and access an intended process or object if the 
intended process or object has the second zone identifier associated therewith. 



18. (Previously Presented) The computer readable storage medium of claim 13, further 
comprising: 
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instructions for causing one or more processors to receive an identifier indicating a 

zone selected from at least one of the global zone and the non-global zone; and 

instructions for causing one or more processors to mount file system resources 

comprising processes to be executed in the zone indicated by the identifier to a 
portion of a file system associated with the zone indicated by the identifier. 



19. (Previously Presented) The computer readable storage medium of claim 18, wherein 
the file system resources are mounted to a subdirectory of a root directory of a portion 
of a file system associated with the zone indicated by the identifier; 
thereby enabling processes expecting a tree like directory structure to execute within 
the zone indicated by the identifier. 



20. (Previously Presented) The computer readable storage medium of claim 18, further 
comprising: 

instructions for causing one or more processors to enable select processes to be visible 
to all other processes in the global zone and the non-global zone. 



21. (Previously Presented) The computer readable storage medium of claim 18, wherein 
file system resources comprise processes to be executed in any zone, and wherein the 
computer readable storage medium further comprises: 

instructions for causing one or more processors to receive a request by a requesting 
process to access processes in the file system resources; and 
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instructions for causing one or more processors to limit access to processes in the file 
system resources based upon a requesting process' relationship with a zone 
indicated in the request. 

22. (Previously Presented) The computer readable storage medium of claim 13, further 
comprising: 

instructions for causing one or more processors to provide information about the zone 
with which a process is associated based upon identity of a requesting process 
and relationship between the requesting process and the zone. 

23. Canceled 

24. Canceled 

25. (Previously Presented) An apparatus, comprising: 

means for establishing a global zone, wherein the global zone is a global operating 
system environment that can support execution of one or more processes; 

means for establishing a non-global zone within the global zone, wherein the non- 
global zone is a partition of the global operating system environment, wherein 
the non-global zone operates as a separate and distinct operating system 
environment, and wherein the non-global zone can support execution of one or 
more processes; 
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means for isolating a first process executing within the non-global zone to the non- 
global zone so that the first process does not have visibility or access to 
processes and objects that are not associated with the non-global zone; 

means for permitting a second process executing within the global zone to have 

visibility and access to processes and objects associated with the global zone; 
and 

means for permitting the second process executing within the global zone to have 
access to processes and objects associated with the non-global zone, if the 
second process has a privilege to cross zone boundaries. 

26. Canceled 

27. (Previously Presented) A system, comprising: 
one or more processors; and 

a storage comprising: 

instructions for causing the one or more processors to establish a global zone, 
wherein the global zone is a global operating system environment that 
can support execution of one or more processes; 
instructions for causing the one or more processors to establish a non-global 
zone within the global zone, wherein the non-global zone is a partition 
of the global operating system environment, wherein the non-global 
zone operates as a separate and distinct operating system environment, 
and wherein the non-global zone can support execution of one or more 
processes; 
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instructions for causing the one or more processors to isolate a first process 

executing within the non-global zone to the non-global zone so that the 
first process does not have visibility or access to processes and objects 
that are not associated with the non-global zone; 

instructions for causing the one or more processors to permit a second process 
executing within the global zone to have visibility and access to 
processes and objects associated with the global zone; and 

instructions for causing the one or more processors to permit the second 

process executing within the global zone to have access to processes 
and objects associated with the non-global zone, if the second process 
has a privilege to cross zone boundaries. 
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